Ransomware that is a result of users clicking on update notices they should not click is very hard to protect against.
Even Stuxnet was successful in crossing over to a separate network through the use of USB sticks.
Source: https://en.m.wikipedia.org/wiki/Stuxnet
I get the sentiment that Garmin should suffer due to paying the ransom, but I bet a lot of american companies would act the same way if it was their company on the line.
At least this incident should serve as a warning to other companies that Ransomware is very real and there has to be a plan for recovery without paying the ransom.
Those companies should have backups. If this was say a mafia type org that was going to kill people if they didn't pay up, it would be clearly wrong. If someone said they'd cut your internet links if you don't pay, it might be more obvious this extortion payment is wrong. And this can be defeated by having backups.
I get the sentiment that Garmin should suffer due to paying the ransom, but I bet a lot of american companies would act the same way if it was their company on the line.
At least this incident should serve as a warning to other companies that Ransomware is very real and there has to be a plan for recovery without paying the ransom.